CVE-2011-5323 in Healthcare Centricity PACS-IW
Summary
by MITRE
GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Analysis
by VulDB Data Team • 09/04/2017
The vulnerability identified in GE Healthcare Centricity PACS-IW versions 3.7.3.7 and 3.7.3.8 is a critical flaw involving weak authentication credentials that could enable unauthorized access to medical imaging systems. It concerns the SQL server administrator account sa, which uses the fixed, predictable password A11enda1e. The issue falls into the category of weak and default credentials, which threat actors commonly exploit to gain unauthorized access to sensitive medical data. Because it is unclear whether this password is a default, hardcoded in the product, or required by another system, the true scope and impact of the vulnerability are harder to assess.
The flaw stems from poor security configuration within the PACS system architecture: the administrative database credential is neither secured nor randomized during deployment. The sa account is the SQL Server system administrator and holds extensive privileges, including full access to every database, data manipulation, and system-level administrative functions. Configured with a known, predictable password, it becomes an easily exploitable attack vector of the kind used in credential-based attacks. The vulnerability maps to CWE-798, which addresses the use of hard-coded credentials, and CWE-259, which covers the use of weak password mechanisms. The attack surface is further expanded because the system typically handles sensitive patient medical data, making it an attractive target for both external attackers and insider threats.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it could potentially lead to complete system compromise and data breaches. Medical imaging systems contain highly sensitive patient information that falls under regulatory compliance requirements such as HIPAA, making unauthorized access a serious concern. Attackers could exploit this weakness to modify patient records, delete critical imaging data, or extract sensitive medical information for malicious purposes including identity theft or insurance fraud. The potential for disruption to healthcare operations is significant, as PACS systems are critical infrastructure components that support clinical decision-making and patient care. Additionally, the vulnerability could enable lateral movement within hospital networks, as compromised database credentials often provide access to other interconnected systems that may not have adequate protection measures in place.
Mitigation should prioritize immediate credential management and system hardening. Organizations must change the default password for the sa account to a strong, randomly generated value that meets complexity requirements and is stored securely using proper key management practices. Regular credential rotation should be enforced, and every administrative account should have a unique, non-guessable password. Network segmentation should limit access to database servers, and additional authentication mechanisms such as multi-factor authentication should be considered for high-privilege accounts. The vulnerability demonstrates the importance of proper security configuration management and aligns with ATT&CK technique T1078, which covers valid accounts and credential access. System administrators should also conduct comprehensive security assessments to identify any other hardcoded or default credentials within the environment, as these represent a common pattern of insecure configuration that requires systematic remediation across all deployed systems.
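The audit, rotation and least-privilege steps above, as an added T-SQL example that is not from the advisory or from GE; it assumes Microsoft SQL Server (2012 or later for ALTER ROLE) as the backing database, and every password, database name and login name in it is a placeholder.

```sql
-- Added example, not from the advisory or from GE: T-SQL steps to audit and rotate the sa
-- login on Microsoft SQL Server (assumed to be the backing database; 2012+ for ALTER ROLE).
-- All passwords and the database/login names below are placeholders; pull real secrets
-- from a vault. Run as a sysadmin; PWDCOMPARE needs CONTROL SERVER permission.

-- 1. Audit: is the built-in sysadmin login (principal_id 1, 'sa' unless renamed) enabled,
--    policy-checked, and still set to the password published in the advisory?
SELECT name,
       is_disabled,
       is_policy_checked,
       modify_date,
       PWDCOMPARE(N'A11enda1e', password_hash) AS still_uses_published_password
FROM   sys.sql_logins
WHERE  principal_id = 1;

-- 2. Rotate: set a generated secret and enforce the Windows password policy on it.
ALTER LOGIN sa WITH PASSWORD = N'<generated-secret-placeholder>', CHECK_POLICY = ON;

-- 3. Least privilege: give the PACS application its own login limited to the roles it
--    needs, so it no longer connects as sa. Only possible if the product lets you change
--    its connection credentials; the advisory notes the password may be hardcoded, in
--    which case stop after step 2 and handle the remaining steps with the vendor.
CREATE LOGIN pacs_app WITH PASSWORD = N'<second-generated-secret-placeholder>', CHECK_POLICY = ON;
USE [PacsDb];                                   -- placeholder database name
CREATE USER pacs_app FOR LOGIN pacs_app;
ALTER ROLE db_datareader ADD MEMBER pacs_app;
ALTER ROLE db_datawriter ADD MEMBER pacs_app;

-- 4. Once nothing connects as sa, disable it and rename it so the well-known name is gone.
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [builtin_sysadmin];  -- placeholder new name

-- 5. Verify: expect is_disabled = 1 and still_uses_published_password = 0.
SELECT name,
       is_disabled,
       PWDCOMPARE(N'A11enda1e', password_hash) AS still_uses_published_password
FROM   sys.sql_logins
WHERE  principal_id = 1;
```

Step 1 on its own is a useful fleet-wide check: running it against every instance that backs a PACS-IW deployment shows which ones still carry the published credential before any change is made.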